but how many signatures are present in [sig ...]? Is num_of_signatures the actual number of signatures provided or is it the number of valid signatures required for OP_CHECKMULTISIG to return true?

I'm reading the code for OP_CHECKMULTISIG in script.cpp. It allows for fewer signatures than public keys but seems to iterate through both the signatures and public keys without any attempt to find out which ones are missing. I don't see how this could work for even a 1 of 2 multisignature transaction in both cases where, in the first case the signature matches the first public key and in the second case the signature matches the second public key.

Even if both signatures are provided but one is just invalid, the verification will fail as nSigsCount will only be 1 and if the first verification fails, the other will not even be attempted.

Anyway, so that this thread isn't a complete waste of time I'd like to observe that the current way of matching signatures to public keys is very wasteful of computation. For example, if you have a 1 of 100 multisignature then the code goes through the public keys sequentially trying to verify the signature until it either succeeds or runs out of public keys. As each transaction is verified each time it is relayed, wouldn't it make sense to indicate in the scriptSig the number of public keys to skip before attempting to verify the signature. This could be an (optional?) 1 byte parameter which would save a very large number of unnecessary signature verification attempts.

Anyway, so that this thread isn't a complete waste of time I'd like to observe that the current way of matching signatures to public keys is very wasteful of computation. For example, if you have a 1 of 100 multisignature then the code goes through the public keys sequentially trying to verify the signature until it either succeeds or runs out of public keys. As each transaction is verified each time it is relayed, wouldn't it make sense to indicate in the scriptSig the number of public keys to skip before attempting to verify the signature. This could be an (optional?) 1 byte parameter which would save a very large number of unnecessary signature verification attempts.

It looks like it was necessary for me to qualify that the whole thread presupposes that a template allowing OP_CHECKMULTISIG in a transaction is added to the "standard" list for some reason in the near future.